| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Feb 2024 20:08:31 -0600
From: Elizabeth Figura <zfigura@...eweavers.com>
To: Andi Kleen <ak@...ux.intel.com>
Cc: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
wine-devel@...ehq.org,
André Almeida <andrealmeid@...lia.com>,
Wolfram Sang <wsa@...nel.org>, Arkadiusz Hiler <ahiler@...eweavers.com>,
Peter Zijlstra <peterz@...radead.org>, Andy Lutomirski <luto@...nel.org>,
linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject:
Re: [RFC PATCH v2 19/29] selftests: ntsync: Add some tests for
NTSYNC_IOC_WAIT_ANY.
On Wednesday, 31 January 2024 02:52:11 CST Andi Kleen wrote:
> Elizabeth Figura <zfigura@...eweavers.com> writes:
>
> > +TEST(test_wait_any)
> > +{
> > + struct ntsync_mutex_args mutex_args = {0};
> > + struct ntsync_wait_args wait_args = {0};
> > + struct ntsync_sem_args sem_args = {0};
> > + __u32 owner, index, count;
> > + struct timespec timeout;
> > + int objs[2], fd, ret;
> > +
> > + clock_gettime(CLOCK_MONOTONIC, &timeout);
> > +
> > + fd = open("/dev/ntsync", O_CLOEXEC | O_RDONLY);
> > + ASSERT_LE(0, fd);
> > +
> > + sem_args.count = 2;
> > + sem_args.max = 3;
> > + sem_args.sem = 0xdeadbeef;
> > + ret = ioctl(fd, NTSYNC_IOC_CREATE_SEM, &sem_args);
> > + EXPECT_EQ(0, ret);
> > + EXPECT_NE(0xdeadbeef, sem_args.sem);
> > +
> > + mutex_args.owner = 0;
> > + mutex_args.count = 0;
> > + mutex_args.mutex = 0xdeadbeef;
> > + ret = ioctl(fd, NTSYNC_IOC_CREATE_MUTEX, &mutex_args);
> > + EXPECT_EQ(0, ret);
> > + EXPECT_NE(0xdeadbeef, mutex_args.mutex);
>
> It seems your tests are missing test cases for exceeding any limits,
> especially overflow/underflow cases. Since these are the most likely
> for any security problems it would be good to have extra coverage here.
> The fuzzers will hopefully hit it too.
>
> Also some stress testing with multiple threads would be useful.
Thanks, I'll add these.
Powered by blists - more mailing lists